In the claims:

1. (Currently amended) A method for controlling access to a document, comprising:
determining an access right for a user; 

building a member definition using the access right comprising a member identifier, an access
control list and a digital signature, and associating the member definition with the user; 

linking the member definition to a first data portion of a document, wherein the document has the 
first data portion and a second data portion, 

receiving a request from the user to access the document; 

comparing the request with the access right; and 

allowing access to only the first data portion in accordance with the access right. 

2. (Canceled) 

3. (Canceled) 

4. (Original) The method of claim 1, further comprising adding a new user to the document.

5. (Original) The method of claim 1, further comprising removing a member from the document.

6. (Original) The method of claim 1, further comprising:
storing the member definition remotely from the document.

7. (Original) The method of claim 1, further comprising:
storing the member definition in the document.

8. (Original) The method of claim 1, further comprising:
encrypting the document; and 

linking the member definition with a public key and a private key. 






Serial Number: 10/734,935 

Response to Official Action dated 03/27/2008 



Attorney Docket No.: 26530.92 (IDR-671) 
Customer No. 000027683 



9. (Original) The method of claim 1, further comprising: 
determining a second access right for the user; 

building a second member definition using the second access right; and 
linking the second member definition to a second portion of a document. 

10. (Original) The method of claim 9, wherein the first portion of the document and the second 
portion of the document are different. 

11. (Previously presented) A system for controlling access to a document, comprising:
a document comprising a first data and a second data; 

a first member definition associated with the first data, wherein the first member definition 
contains a first user identifier and a first access right for a first user for the first data; 

a second member definition associated with the second data, wherein the second member 
definition contains a second user identifier and a second access right for a second user for the second data; 
and 

an access controller that receives a request from the first user for access to the document, wherein 
the access controller locates the first member definition and allows access to the first data only. 

12. (Original) The system of claim 11, wherein the access controller limits access to the document in 
accordance with the first access right and the second access right. 

13. (Original) The system of claim 11, wherein the first user identifier and the second user identifier 
identify the same user and the first access right and the second access right identify different access rights, 

14. (Original) The system of claim 11, wherein the first member definition contains a digital 
signature. 

15. (Original) The system of claim 11, wherein the first member definition and second member 
definition are stored remotely from the document. 
16. (Original) The system of claim 11, wherein the first member definition and second member
definition are stored in the document. 

17. (Original) The system of claim 11, wherein the document is a tagged document. 

18. (Original) The system of claim 11, wherein the document is an XML document.

19. (Original) The system of claim 11, wherein the document is a text document.

20. (Original) The system of claim 11, wherein the document is a binary document.

21. (Currently) A computer-readable medium comprising a plurality of instructions for execution by 
at least one computer processor, wherein the instructions are for: 

determining a first access right for a first user and a second access right for a second user; 

building a first member definition using comprising the first access right, a first user identifier, 
and a first digital signature; 

building a second member definition using comprising the second access right, a second user 
identifier, and a second digital signature; 

linking the first member definition to a first portion of a document; 

linking the second member definition to a second portion of the document; 

storing the first member definition and second member definition remotely from the document; 

encrypting the document; 

receiving a request from a requester to access the document; 

based on the first user identifier and the second user identifier, determining the access right for 
the requester for the first portion of the document and the second portion of the document; and 

allowing access only to the first portion of the document in accordance with the first access right, 
or allowing access only to the second portion of the document in accordance with the second access right. 
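
The flow recited in claim 21, as an added illustration that is not part of the filing or the applicant's implementation: signed member definitions stored apart from the document, and an access controller that releases only the linked portion. Assumptions: HMAC-SHA256 under an issuer key stands in for the digital signature, the encryption step is omitted, and all names and sample data are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 under an issuer key stands in for the claimed
# "digital signature"; a real system would use an asymmetric signature.
ISSUER_KEY = b"constructed-demo-key"


def _digest(user_id, portion_id, rights):
    # Canonical encoding so the signature covers identifier, portion and rights.
    body = json.dumps([user_id, portion_id, sorted(rights)]).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()


def build_member_definition(user_id, portion_id, rights):
    """Member definition: user identifier, access right, signature."""
    return {"user": user_id, "portion": portion_id, "rights": sorted(rights),
            "sig": _digest(user_id, portion_id, rights)}


def request_access(document, definitions, requester, right="read"):
    """Return only the portions the requester holds a valid definition for."""
    granted = {}
    for d in definitions:
        if d["user"] != requester or right not in d["rights"]:
            continue
        expected = _digest(d["user"], d["portion"], d["rights"])
        # Reject definitions whose rights or portion link were altered.
        if not hmac.compare_digest(expected, d["sig"]):
            continue
        if d["portion"] in document:
            granted[d["portion"]] = document[d["portion"]]
    return granted


# Constructed sample: a two-portion document, definitions stored apart from it.
DOCUMENT = {"p1": "quarterly summary", "p2": "salary table"}
STORE = [build_member_definition("alice", "p1", ["read"]),
         build_member_definition("bob", "p2", ["read", "write"])]

# A tampered copy: alice's definition re-pointed at p2 without re-signing.
TAMPERED = STORE + [dict(STORE[0], portion="p2")]

if __name__ == "__main__":
    print(request_access(DOCUMENT, STORE, "alice"))
    print(request_access(DOCUMENT, TAMPERED, "alice"))
```

The tampered definition is skipped because its signature no longer matches the portion it points to, so the requester still receives only the first portion.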



